5 Cybersecurity Lessons Learned from the Super Bowl

The NFL’s biggest game – and one of the largest sporting events on the planet – is just days away, offering millions the chance to be entertained for a few hours. Fans will be glued to their television sets to experience the drama, the competition and the showmanship. Will they be thinking about cyber threats? Probably not. But, surprisingly, business owners can learn some valuable lessons about cybersecurity from the Super Bowl.

The NFL is a business. And like many businesses, it works with a massive ecosystem of outside companies to deliver its product to the people. Thousands of third-party vendors – from the rented stadium, ticket sellers and HVAC-system providers, to the retailers and halftime show techs – are required to produce the show. Unprotected third-party vendors provide a path of least resistance for cybercriminals to sneak through the digital back door, potentially compromising safety, leaving data unprotected and creating havoc for organizations.

While 71 percent of companies feel confident their security activities are effective, only 32 percent require third parties to comply with their policies, according to the most recent PwC Global State of Information Security Survey. Furthermore, the study found that third-party security incidents are on the rise. In the past two years alone, the number of companies attacked rose from 20 to 28 percent.

Having a plan to deal with vendors is important, but it’s just one of the lessons to be learned from the Super Bowl. Here are five takeaways about cybersecurity every business owner can score from the big game:

1. Offense is easier than defense: Defense has an impossible job on the field. It can’t possibly prepare for every play the offense runs. As the old adage says, “The best defense is a good offense.” Business owners who arm their companies with a strategic offense will be less vulnerable to cyber attacks than those who are constantly trying to play defense against a multitude of threats. Remember: the bad guys only have to be right once to take down their targets.

2. It’s a people game: Technology takes center stage in the big game. Massive video walls, anti-concussion helmets and interactive capabilities allowing fans to order a hot dog from their seats are all part of the experience. But the reality is, the game is won or lost by people. Companies that become distracted by cyber defense technologies may erroneously believe they are safe from an attack. As long as the human element is involved, risk exists.

3. Winning takes continuous effort: Like football, cybersecurity requires work. While the Super Bowl is the punctuation mark on the season, both teams traveled a long, tough road to reach the championship. It’s not a one-and-done situation. In business, it’s tempting to believe that purchasing a firewall on any given Sunday and throwing it in a rack provides adequate protection. The fact is, cybersecurity and the management of cyber risks are never done.

4. Protect your assets: In a football game, there are only two things worth protecting: the quarterback and the football. The team that does the best job safeguarding these two assets wins. Likewise, in the business world, companies must identify their “quarterbacks and footballs.” Bank accounts, credit cards, identities, intellectual property and reputation are the five critical assets that need protection, and should be where all the energy is focused.

5. Teamwork: Businesses typically focus on their core competencies and outsource functions like payroll, banking, logistics and other specialized skills. As mentioned earlier, these third-party relationships can unwittingly pose a cyber threat by leaving the digital backdoor wide open. Organizations working with third-party vendors should clearly spell out their position on cybersecurity in all contracts and require regular audits for compliance.

Unfortunately, cyber attacks are not a matter of “if,” but “when.” Like football players, all companies will eventually get hit. The key to survival is being able to mitigate the damage and recover. Software alone, like helmets and padding for players, is not enough to protect organizations from injury. Players and companies must play smart by using proper mechanics and ensuring the entire team is on the same page.

This article was originally published in our monthly newsletter, Today's Cybersecurity Leader. You can subscribe here.

Reg Harnish is CEO of GreyCastle Security, a cybersecurity consulting firm dedicated to the practical management of cybersecurity risks.
